Obsolete:PHP 4.4.x heap corruption

From Wikitech
This page contains historical information. It may be outdated or unreliable.

Segfault on exit in PHP 4.4.x. Object version: 

<?php
class C { var $m1, $m2, $m3, $m4, $m5, $m6; }
ini_set( 'memory_limit', -1 );
$a = array();
for ( $i=0; $i<100000; $i++) $a[] = new C;
?>

Array version: 

<?php
$t = array( 'm1' => null, 'm2' => null, 'm3' => null, 'm5' => null, 'm6' => null );
ini_set( 'memory_limit', -1 );
$a = array();
for ( $i=0; $i<100000; $i++) $a[] = $t;
debug_zval_dump($t);
?>

Returns: 

array(5) refcount(34466){
  ["m1"]=>
  NULL refcount(1)
  ["m2"]=>
  NULL refcount(1)
  ["m3"]=>
  NULL refcount(1)
  ["m5"]=>
  NULL refcount(1)
  ["m6"]=>
  NULL refcount(1)
}
Segmentation fault

With smaller array sizes, the reference count is correct and there is no segfault.

This is due to an unsigned short being used for a reference count in PHP 4. It was changed to an unsigned int in PHP 5.

Retrieved from "https://wikitech.wikimedia.org/w/index.php?title=Obsolete:PHP_4.4.x_heap_corruption&oldid=75110"